Description

This article describes how to block traffic from a particular country.

Solution

- Create a geography-based address object.
- Go to Policy and Objects -> Addresses, select 'Create New' and fill in the fields as below:
Name: country name. Example: China.
Type: Geography.
Interface: wan1.
Enable 'Show in Address List' and select 'OK'.
- Create a wan-to-lan policy whose source address is the geography address object created for the country. In this case:
Source: China.
Destination: all.
If any VIP policies exist, keep this policy above the VIP policies.
- However, incoming traffic will still hit the normal VIP policies.
- To prevent this, make the change below in the country-blocking policy from the CLI:
# config firewall policy
edit <firewall policy number>
set match-vip enable
next
end
- Traffic from China will now be blocked.
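The same steps expressed entirely in the CLI, as an added example that is not part of the original article. The destination interface name "lan", the policy name "Block-China" and the use of `edit 0` (take the next free policy ID) are assumptions; lines starting with # are annotations for the reader, and the IDs in angle brackets are placeholders.

```fortios
# Geography address object for the country to block (ISO code CN = China).
config firewall address
    edit "China"
        set type geography
        set country "CN"
        set associated-interface "wan1"
    next
end

# Deny policy from wan1 to the internal interface.
# "lan" and "Block-China" are assumed names; adjust to the local configuration.
config firewall policy
    edit 0
        set name "Block-China"
        set srcintf "wan1"
        set dstintf "lan"
        set srcaddr "China"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set action deny
        # Without this, traffic destined to a VIP skips the deny policy
        # and is matched by the VIP policy instead.
        set match-vip enable
        set logtraffic all
    next
end

# Place the deny policy above the first VIP policy.
config firewall policy
    move <deny policy ID> before <VIP policy ID>
end
```

With `logtraffic all` set, denied sessions from the country appear in the forward traffic log against this policy, which confirms that VIP-bound traffic is being matched by it.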